
Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.


Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


CISM • Practice Test 20

CISM Practice Test 20 — 15 Questions

Free CISM practice test — 15 questions with explanations. Set 20. No signup required.

Question 1 of 15 • hard

Based on the exhibit, what is the most likely vulnerability that an attacker could exploit?

Exhibit

Refer to the exhibit.

Exhibit: Network Architecture Description

The network consists of three zones: External, DMZ, and Internal. The external interface connects to the internet. The DMZ hosts public-facing web servers and an email relay. The internal zone hosts database servers and application servers. A firewall separates External from DMZ, and another firewall separates DMZ from Internal. The firewall rules are:
- External to DMZ: allow HTTP, HTTPS, SMTP.
- DMZ to Internal: allow MySQL (3306) from web servers to database servers, and allow LDAP (389) from application servers to domain controllers.
- Internal to External: allow outbound HTTP/HTTPS from application servers.
- All other traffic is denied.
The IDS is placed on the DMZ segment, monitoring traffic between DMZ and Internal. The IDS signatures include critical, high, and medium severity, and the action is 'alert and log'.
